Debian: DSA-3945-1: linux security update

    Date17 Aug 2017
    CategoryDebian
    77
    Posted ByLinuxSecurity Advisories
    Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.
    
    - -------------------------------------------------------------------------
    Debian Security Advisory DSA-3945-1                   This email address is being protected from spambots. You need JavaScript enabled to view it.
    https://www.debian.org/security/                     Salvatore Bonaccorso
    August 17, 2017                       https://www.debian.org/security/faq
    - -------------------------------------------------------------------------
    
    Package        : linux
    CVE ID         : CVE-2014-9940 CVE-2017-7346 CVE-2017-7482 CVE-2017-7533
                     CVE-2017-7541 CVE-2017-7542 CVE-2017-7889 CVE-2017-9605
                     CVE-2017-10911 CVE-2017-11176 CVE-2017-1000363
                     CVE-2017-1000365
    
    Several vulnerabilities have been discovered in the Linux kernel that
    may lead to a privilege escalation, denial of service or information
    leaks.
    
    CVE-2014-9940
    
        A use-after-free flaw in the voltage and current regulator driver
        could allow a local user to cause a denial of service or potentially
        escalate privileges.
    
    CVE-2017-7346
    
        Li Qiang discovered that the DRM driver for VMware virtual GPUs does
        not properly check user-controlled values in the
        vmw_surface_define_ioctl() functions for upper limits. A local user
        can take advantage of this flaw to cause a denial of service.
    
    CVE-2017-7482
    
        Shi Lei discovered that RxRPC Kerberos 5 ticket handling code does
        not properly verify metadata, leading to information disclosure,
        denial of service or potentially execution of arbitrary code.
    
    CVE-2017-7533
    
        Fan Wu and Shixiong Zhao discovered a race condition between inotify
        events and VFS rename operations allowing an unprivileged local
        attacker to cause a denial of service or escalate privileges.
    
    CVE-2017-7541
    
        A buffer overflow flaw in the Broadcom IEEE802.11n PCIe SoftMAC WLAN
        driver could allow a local user to cause kernel memory corruption,
        leading to a denial of service or potentially privilege escalation.
    
    CVE-2017-7542
    
        An integer overflow vulnerability in the ip6_find_1stfragopt()
        function was found allowing a local attacker with privileges to open
        raw sockets to cause a denial of service.
    
    CVE-2017-7889
    
        Tommi Rantala and Brad Spengler reported that the mm subsystem does
        not properly enforce the CONFIG_STRICT_DEVMEM protection mechanism,
        allowing a local attacker with access to /dev/mem to obtain
        sensitive information or potentially execute arbitrary code.
    
    CVE-2017-9605
    
        Murray McAllister discovered that the DRM driver for VMware virtual
        GPUs does not properly initialize memory, potentially allowing a
        local attacker to obtain sensitive information from uninitialized
        kernel memory via a crafted ioctl call.
    
    CVE-2017-10911 / XSA-216
    
        Anthony Perard of Citrix discovered an information leak flaw in Xen
        blkif response handling, allowing a malicious unprivileged guest to
        obtain sensitive information from the host or other guests.
    
    CVE-2017-11176
    
        It was discovered that the mq_notify() function does not set the
        sock pointer to NULL upon entry into the retry logic. An attacker
        can take advantage of this flaw during a userspace close of a
        Netlink socket to cause a denial of service or potentially cause
        other impact.
    
    CVE-2017-1000363
    
        Roee Hay reported that the lp driver does not properly bounds-check
        passed arguments, allowing a local attacker with write access to the
        kernel command line arguments to execute arbitrary code.
    
    CVE-2017-1000365
    
        It was discovered that argument and environment pointers are not
        taken properly into account to the imposed size restrictions on
        arguments and environmental strings passed through
        RLIMIT_STACK/RLIMIT_INFINITY. A local attacker can take advantage of
        this flaw in conjunction with other flaws to execute arbitrary code.
    
    For the oldstable distribution (jessie), these problems have been fixed
    in version 3.16.43-2+deb8u3.
    
    We recommend that you upgrade your linux packages.
    
    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/
    
    Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.
    
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    What do you think of the articles on LinuxSecurity?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/24-what-do-you-think-of-the-quality-of-the-articles-on-linuxsecurity?task=poll.vote&format=json
    24
    radio
    [{"id":"87","title":"Excellent, don't change a thing!","votes":"39","type":"x","order":"1","pct":50.65,"resources":[]},{"id":"88","title":"Should be more technical","votes":"11","type":"x","order":"2","pct":14.29,"resources":[]},{"id":"89","title":"Should include more HOWTOs","votes":"27","type":"x","order":"3","pct":35.06,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.